Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco crapaganda

  • From: Michael.Dillon
  • Date: Thu Aug 11 12:15:26 2005

> Get a grip, Michael.  Any black hat who reads this list already knows
> this information (if indeed it exists; acting mysterious isn't gaining
> you any credibility with the cynical among us, and of course you
> aren't even providing enough detail for people with clues to discern
> what the bloody heck you're referring to).  All you're doing is
> withholding data from the non-black-hats.


I have no special sources of info. One Monday morning
I saw the traffic on this list about Lynn's presentation.
None of the posted URL's worked. One of them led to a legal
document ordering that the slides not be posted. So what
did I do?

That's right, I turned to Google. I found articles written
by people who attended the presentation. One person had
posted a zip file with photos of all of Lynn's slides as
presented at BlackHat. I even managed to find the PDF file
with the edited version of the slides that was the target
of the lawyers.

But I found more. It seems that a guy using the name FX
has been publishing stuff about Cisco heap exploits for
years now. I found his slides from a presentation made
at BlackHat Las Vegas in 2002. Lots of juicy detail. And I
found a long document translated from Chinese about modern
information/economic warfare.

I really didn't think this stuff was all that hard to find
because it took me all of 30 minutes.

The big question in my mind is why did Cisco freak out when
somebody wanted to present an overview of exploits that have
been worked on by hackers for the past 3 years? Especially
when Lynn is giving them some valuable free advice, i.e.
don't make it easier for hackers to use heap exploits.

Thank's to Drew's posting I now know that FX presented
again at BHLV a year later pointing out a UDP exploit that
can be used to facilitate building the correct heap exploit
for a specific IOS release and architecture.

It seems to me that Cisco has a fundamental communications
problem in regards to security. Their actions against Lynn
did not stop people from reading his slides and his slides
were not nearly as informative as the older slides from FX.
Also, Cisco seems stuck in the traditional vendor-customer
communications cycle that causes them to ignore or deprioritize
security related communications unless it comes to them
through a major customer. In fact, the people who REALLY
know this stuff may not work for a major Cisco customer
or if they do, they may not have access to the privileged
communications channels within their company.

--Michael Dillon

Give a man a fish and you feed him for a day, teach him
how to fish and you feed him for a lifetime.

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.